NTP security hole CVE-2013-5211?
Brett Glass
brett at lariat.org
Sat Mar 15 09:32:02 UTC 2014
At 11:34 PM 3/14/2014, Xin Li wrote:
>I can't reproduce with fresh install. How did you tested it (or what
>is missing in the default ntp.conf), can you elaborate?
I have tested it under actual attack.
Without the lines I mentioned in /etc/ntp.conf, the server will respond
to monitor queries with rejection packets of the same size as the attack
packets. If the source addresses of the attack packets are spoofed, the
attack is relayed.
--Brett Glass
More information about the freebsd-security
mailing list